Diffstat (limited to 'slackbook/html/filesystem-structure-permissions.html')
-rw-r--r-- | slackbook/html/filesystem-structure-permissions.html | 314 |
1 files changed, 0 insertions, 314 deletions
diff --git a/slackbook/html/filesystem-structure-permissions.html b/slackbook/html/filesystem-structure-permissions.html deleted file mode 100644 index 0f951e77..00000000 --- a/slackbook/html/filesystem-structure-permissions.html +++ /dev/null 
@@ -1,314 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta name="generator" content="HTML Tidy, see www.w3.org" /> -<title>Permissions</title> -<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> -<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> -<link rel="UP" title="Filesystem Structure" href="filesystem-structure.html" /> -<link rel="PREVIOUS" title="Filesystem Structure" href="filesystem-structure.html" /> -<link rel="NEXT" title="Links" href="filesystem-structure-links.html" /> -<link rel="STYLESHEET" type="text/css" href="docbook.css" /> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> -</head> -<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" -alink="#0000FF"> -<div class="NAVHEADER"> -<table summary="Header navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<th colspan="3" align="center">Slackware Linux Essentials</th> -</tr> - -<tr> -<td width="10%" align="left" valign="bottom"><a href="filesystem-structure.html" -accesskey="P">Prev</a></td> -<td width="80%" align="center" valign="bottom">Chapter 9 Filesystem Structure</td> -<td width="10%" align="right" valign="bottom"><a href="filesystem-structure-links.html" -accesskey="N">Next</a></td> -</tr> -</table> - -<hr align="LEFT" width="100%" /> -</div> - -<div class="SECT1"> -<h1 class="SECT1"><a id="FILESYSTEM-STRUCTURE-PERMISSIONS" -name="FILESYSTEM-STRUCTURE-PERMISSIONS">9.2 Permissions</a></h1> - -<p>Permissions are the other important part of the multiuser aspects of the filesystem. -With these, you can change who can read, write, and execute files.</p> - -<p>The permission information is stored as four octal digits, each specifying a different -set of permissions. 
There are owner permissions, group permissions, and world -permissions. The fourth octal digit is used to store special information such as set user -ID, set group ID, and the sticky bit. The octal values assigned to the permission modes -are (they also have letters associated with them that are displayed by programs such as -<tt class="COMMAND">ls</tt> and can be used by <tt class="COMMAND">chmod</tt>):</p> - -<div class="TABLE"><a id="AEN3142" name="AEN3142"></a> -<p><b>Table 9-1. Octal Permission Values</b></p> - -<table border="0" frame="void" class="CALSTABLE"> -<col width="3*" /> -<col width="1*" align="CENTER" /> -<col width="1*" align="CENTER" /> -<thead> -<tr> -<th>Permission Type</th> -<th>Octal Value</th> -<th>Letter Value</th> -</tr> -</thead> - -<tbody> -<tr> -<td>“sticky” bit</td> -<td>1</td> -<td>t</td> -</tr> - -<tr> -<td>set user ID</td> -<td>4</td> -<td>s</td> -</tr> - -<tr> -<td>set group ID</td> -<td>2</td> -<td>s</td> -</tr> - -<tr> -<td>read</td> -<td>4</td> -<td>r</td> -</tr> - -<tr> -<td>write</td> -<td>2</td> -<td>w</td> -</tr> - -<tr> -<td>execute</td> -<td>1</td> -<td>x</td> -</tr> -</tbody> -</table> -</div> - -<p>You add the octal values for each permission group. For example, if you want the group -permissions to be “read” and “write”, you would use -“6” in the group portion of the permission information.</p> - -<p><tt class="COMMAND">bash</tt>'s default permissions are:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /bin/bash</kbd> --rwxr-xr-x 1 root bin 477692 Mar 21 19:57 /bin/bash -</pre> -</td> -</tr> -</table> - -<p>The first dash would be replaced with a “d” if this was a directory. The -three permission groups (owner, group, and world) are displayed next. We see that the -owner has read, write, and execute permissions (<var class="LITERAL">rwx</var>). The -group has only read and execute (<var class="LITERAL">r-x</var>). 
And everyone else has -only read and execute (<var class="LITERAL">r-x</var>).</p> - -<p>How would we set permissions on another file to resemble <tt -class="COMMAND">bash</tt>'s? First, let's make an example file:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch /tmp/example</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd> --rw-rw-r--- 1 david users 0 Apr 19 11:21 /tmp/example -</pre> -</td> -</tr> -</table> - -<p>We will use <tt class="COMMAND">chmod</tt>(1) (which means “change mode”) -to set the permissions on the example file. Add the octal numbers for the permissions you -want. For the owner to have read, write, and execute, we would have a value of <var -class="LITERAL">7</var>. Read and execute would have <var class="LITERAL">5</var>. Run -those together and pass them to <tt class="COMMAND">chmod</tt> like this:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 755 /tmp/example</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd> --rwxr-xr-x 1 david users 0 Apr 19 11:21 /tmp/example -</pre> -</td> -</tr> -</table> - -<p>Now you may be thinking, “Why didn't it just create a file with those -permissions in the first place?” Well the answer is simple. <tt -class="COMMAND">bash</tt> includes a nice little built-in called <tt -class="COMMAND">umask</tt>. This is included with most Unix shells as well, and controls -what file permissions are assigned to newly created files. We discussed <tt -class="COMMAND">bash</tt> built-ins to some degree in <a -href="shell-bash.html#SHELL-BASH-ENVIRONMENT">Section 8.3.1</a>. <tt -class="COMMAND">umask</tt> takes a little getting used to. It works very similar to <tt -class="COMMAND">chmod</tt>, only in reverse. 
You specify the octal values you do not wish -to have present in newly created files. The default umask value is <var -class="LITERAL">0022</var>.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask</kbd> -0022 -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">umask 0077</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">touch tempfile</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l tempfile</kbd> --rw-------- 1 david users 0 Apr 19 11:21 tempfile -</pre> -</td> -</tr> -</table> - -<p>See the man page for <tt class="COMMAND">bash</tt> for more information.</p> - -<p>To set special permissions with <tt class="COMMAND">chmod</tt>, add the numbers -together and place them in the first column. For example, to make it set user ID and set -group ID, we use 6 as the first column:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod 6755 /tmp/example</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/example</kbd> --rwsr-sr-x 1 david users 0 Apr 19 11:21 /tmp/example -</pre> -</td> -</tr> -</table> - -<p>If the octal values confuse you, you can use letters with <tt -class="COMMAND">chmod</tt>. 
The permission groups are represented as:</p> - -<div class="INFORMALTABLE"><a id="AEN3246" name="AEN3246"></a> -<table border="0" frame="void" class="CALSTABLE"> -<col /> -<col /> -<tbody> -<tr> -<td>Owner</td> -<td>u</td> -</tr> - -<tr> -<td>Group</td> -<td>g</td> -</tr> - -<tr> -<td>World</td> -<td>o</td> -</tr> - -<tr> -<td>All of the above</td> -<td>a</td> -</tr> -</tbody> -</table> -</div> - -<p>To do the above, we would have to use several command lines:</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod a+rx /tmp/example</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod u+w /tmp/example</kbd> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod ug+s /tmp/example</kbd> -</pre> -</td> -</tr> -</table> - -<p>Some people prefer the letters over the numbers. Either way will result in the same -set of permissions.</p> - -<p>The octal format is often faster, and the one you see most often used in shell -scripts. Sometimes the letters are more powerful however. For example, there's no easy -way to change one group of permissions while preserving the other groups on files and -directories when using the octal format. This is trivial with the letters.</p> - -<table border="0" bgcolor="#E0E0E0" width="100%"> -<tr> -<td> -<pre class="SCREEN"> -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">ls -l /tmp/</kbd> --rwxr-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example0 --rwxr-x--- 1 alan users 0 Apr 19 11:21 /tmp/example1 -----r-xr-x 1 alan users 0 Apr 19 11:21 /tmp/example2 -<samp class="PROMPT">%</samp> <kbd class="USERINPUT">chmod g-rwx /tmp/example?</kbd> --rwx---r-x 1 alan users 0 Apr 19 11:21 /tmp/example0 --rwx------ 1 alan users 0 Apr 19 11:21 /tmp/example1 --------r-x 1 alan users 0 Apr 19 11:21 /tmp/example2 -</pre> -</td> -</tr> -</table> - -<p>We mentioned set user ID and set group ID permissions in several places above. 
You may -be wondering what this is. Normally when you run a program, it is operating under your -user account. That is, it has all the permissions that you as a user have. The same is -true for the group. When you run a program, it executes under your current group. With -set user ID permissions, you can force the program to always run as the program owner -(such as “root”). Set group ID is the same, but for the group.</p> - -<p>Be careful with this, set user ID and set group ID programs can open major security -holes on your system. If you frequently set user ID programs that are owned by <tt -class="USERNAME">root</tt>, you are allowing anyone to run that program and run it as <tt -class="USERNAME">root</tt>. Since <tt class="USERNAME">root</tt> has no restrictions on -the system, you can see how this would pose a major security problem. In short, it's not -bad to use set user ID and set group ID permissions, just use common sense.</p> -</div> - -<div class="NAVFOOTER"> -<hr align="LEFT" width="100%" /> -<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" -cellspacing="0"> -<tr> -<td width="33%" align="left" valign="top"><a href="filesystem-structure.html" -accesskey="P">Prev</a></td> -<td width="34%" align="center" valign="top"><a href="index.html" -accesskey="H">Home</a></td> -<td width="33%" align="right" valign="top"><a href="filesystem-structure-links.html" -accesskey="N">Next</a></td> -</tr> - -<tr> -<td width="33%" align="left" valign="top">Filesystem Structure</td> -<td width="34%" align="center" valign="top"><a href="filesystem-structure.html" -accesskey="U">Up</a></td> -<td width="33%" align="right" valign="top">Links</td> -</tr> -</table> -</div> -</body> -</html> - |
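Review bot: The pages that link to this file are not accounted for in what is shown. The NAVHEADER and NAVFOOTER blocks of the removed page place it between filesystem-structure.html (Prev/Up) and filesystem-structure-links.html (Next), so those two pages, and any table of contents in index.html, can be expected to point at filesystem-structure-permissions.html. Since the diffstat here is limited to this one file, please confirm that the same commit removes or relinks them; otherwise the chapter navigation is left with a dead target. If the section 9.2 text is being moved rather than dropped, two sample listings should be corrected in the new location: the mode strings "-rw-rw-r---" after the touch example and "-rw--------" after "umask 0077" are eleven characters long, where ls prints ten. The closing caution about set user ID programs owned by root is the security-relevant part of this page, so the commit message should say where that guidance lives after the deletion.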